superglue handles credential management primarily through its encrypted vault. You can also pass credentials at runtime, which is useful for multi-user scenarios.
Flexible Credential Naming: The exact naming of credentials, except for OAuth cases, is not vital, since superglue maps credentials to the request automatically. This means that e.g. if the token has to be passed as a X-SERVICE-API-KEY, it is acceptable to name the token “api_key”. Given documentation and context, superglue will figure out how to place the API key to successfully complete the request.

Two Approaches

Store credentials in integration

Best for: Single-user environments / one integration per user setups / MCP setupsHow it works:
    • Store credentials securely in superglue’s encrypted vault
  • Credentials are automatically used for integrations
  • No need to pass credentials with each API call
  • superglue manages oauth

Provide credentials at runtime

Best for: Complex multi-user scenarios and SDK setups.How it works:
  • Keep credentials in your own secure storage
    (environment variables, vault, etc.)
  • Pass credentials at runtime with each workflow execution
  • superglue never stores your credentials
  • Supports 1:n integration:user scenarios.

Approach 1: superglue-Managed Credentials

Setup via Web Interface

  1. Go to app.superglue.cloud
  2. Navigate to “Integrations”
  3. Add your integrations with credentials:
1

Add Integration

Click “Add Integration” and select your service (Stripe, HubSpot, etc.)
2

Enter Credentials

Provide your API keys, OAuth tokens, or database connection strings
3

Save Securely

Credentials are encrypted and stored securely in superglue’s vault

Setup via SDK

import { SuperglueClient } from "@superglue/client";

const superglue = new SuperglueClient({
  apiKey: "your_superglue_api_key",
});

// Create integration with stored credentials
await superglue.upsertIntegration({
  id: "my-stripe",
  name: "Stripe Production",
  urlHost: "https://api.stripe.com",
  credentials: {
    stripe_secret_key: "sk_live_..." // This gets encrypted and stored
  },
  specificInstructions: "Use live Stripe API with rate limiting",
});

Using Stored Credentials

// First build the workflow
const workflow = await superglue.buildWorkflow({
  instruction: "Get all Stripe customers from last month",
  integrationIds: ["my-stripe"], // Uses stored credentials automatically
  responseSchema: {
    type: "object",
    properties: {
      customers: {
        type: "array",
        items: { type: "object" },
      },
    },
  },
});

// Then execute it
const result = await superglue.executeWorkflow({
  workflow,
});

Setup via MCP

With MCP, credentials are managed through the web interface and automatically used: 
{
  "mcpServers": {
    "superglue": {
      "command": "npx",
      "args": [
        "mcp-remote",
        "https://mcp.superglue.ai",
        "--header",
        "Authorization:${AUTH_HEADER}"
      ],
      "env": {
        "AUTH_HEADER": "Bearer your_superglue_api_key"
      }
    }
  }
}
Then in Claude Desktop:
“Connect to my Stripe account and get recent transactions”
superglue will use the stored Stripe credentials automatically.

Approach 2: Runtime Credential Passing

Environment-Based Credentials

// Store in environment variables
process.env.STRIPE_SECRET_KEY = "sk_live_...";
process.env.HUBSPOT_API_KEY = "pat-...";
process.env.DATABASE_URL = "postgresql://...";

// First build the workflow
const workflow = await superglue.buildWorkflow({
  instruction: "Sync Stripe customers to database via HubSpot",
  integrationIds: ["stripe", "hubspot", "postgresql"],
});

// Then execute with credentials passed at runtime
const result = await superglue.executeWorkflow({
  workflow,
  credentials: {
    stripe_secret_key: process.env.STRIPE_SECRET_KEY,
    hubspot_api_key: process.env.HUBSPOT_API_KEY,
    database_url: process.env.DATABASE_URL,
  },
});

Vault Integration

import { VaultService } from "./your-vault-service";

class SecureWorkflowExecutor {
  private vault: VaultService;
  private superglue: SuperglueClient;

  constructor() {
    this.vault = new VaultService();
    this.superglue = new SuperglueClient({
      apiKey: process.env.SUPERGLUE_API_KEY,
    });
  }

  async executeWorkflow(workflowId: string, userId: string) {
    // Fetch credentials securely from your vault
    const credentials = await this.vault.getCredentials(userId, [
      "stripe_key",
      "hubspot_token",
      "database_password",
    ]);

    // Execute with runtime credentials
    const result = await this.superglue.executeWorkflow({
      workflowId,
      credentials: {
        stripe_secret_key: credentials.stripe_key,
        hubspot_api_key: credentials.hubspot_token,
        db_password: credentials.database_password,
      },
    });

    return result;
  }
}

OAuth Token Management

superglue handles OAuth automatically! Token refresh, expiration management, and OAuth flows are all managed by superglue. You just need to provide the initial OAuth credentials.
What superglue handles for you:
  • ✅ Token refresh when expired
  • ✅ OAuth flow management
  • ✅ Scope validation
  • ✅ Rate limiting with OAuth APIs
  • ✅ Error handling for token issues
What you need to provide:
  • Client ID and Client Secret
  • Scopes (if custom)
  • Authorization URL (if not using templates)
// Simple OAuth setup - superglue does the rest
await superglue.upsertIntegration("hubspot-oauth", {
  id: "hubspot-oauth",
  name: "HubSpot OAuth",
  urlHost: "https://api.hubapi.com",
  credentials: {
    client_id: "your_hubspot_client_id",
    client_secret: "your_hubspot_client_secret",
    // superglue handles token refresh automatically
  },
  specificInstructions: "Use OAuth2 with contacts and deals scopes"
});

// Use it in workflows - no token management needed
const workflow = await superglue.buildWorkflow({
  instruction: "Get all HubSpot contacts created this month",
  integrationIds: ["hubspot-oauth"]
});

const result = await superglue.executeWorkflow({ workflow });
We have pre-built OAuth templates for popular APIs like HubSpot, Google Ads, Salesforce, and more. You can create a new integration and check the templates to see what is available. If an integration is not available, you can always create it manually and add auth url and scopes. Talk to us if you need help with this.

Integration-Specific Credential Patterns

Database Connections

// Stored credentials (connection string)
await superglue.upsertIntegration({
  id: "main-db",
  urlHost: "postgresql://<<user>>:<<password>>@<<host>>:<<port>>",
  urlPath: "/<<database_name>>",
  credentials: {
    user: "user",
    password: "pass",
    host: "host",
    port: 5432,
    database: "db",
  },
});
const result = await superglue.executeWorkflow({
  workflowId: "db-query",
  integrationIds: ["main-db"]
});

// Runtime credentials - this can be useful if you want to connect to different databases with one workflow (e.g. one set of credentials for each user)
const result = await superglue.executeWorkflow({
  workflowId: "db-query",
  credentials: {
    user: "user",
    password: "pass",
    host: "host",
    port: 5432,
    database: "db",
  }
});

OAuth APIs (HubSpot, Google, etc.)

For oauth integrations, you might need to authenticate the user through the web interface. To do so, set the client id and client secret, then open the integration in the web interface and click “Save” to open the authentication flow. Alternatively, you can set access token and refresh token manually: 
// Stored OAuth tokens
await superglue.upsertIntegration({
  id: "hubspot-crm",
  credentials: {
    access_token: "pat-na1-...", // optional - alternatively create a new integration in the browser and authenticate there
    refresh_token: "refresh_token_here", // optional
    client_id: "your_app_client_id",
    client_secret: "your_app_client_secret",
  },
});

// Runtime OAuth tokens
const result = await superglue.executeWorkflow({
  workflowId: "hubspot-sync",
  credentials: {
    hubspot_token: await getValidHubSpotToken(userId),
  },
});

Choosing the Right Approach

Use superglue-managed credentials:✅ Faster setup and iteration
✅ No credential management complexity
✅ Easy testing across team members
✅ Built-in credential validation
const workflow = await superglue.buildWorkflow({
  instruction: "Test Stripe integration",
  integrationIds: ["stripe-dev"] // Uses stored test credentials
});

await superglue.executeWorkflow({ workflow });

Next Steps

MCP Integration

Learn how credential management works with MCP and agent frameworks

SDK Integration

See examples of credential management in custom applications

Self-Hosting

Set up your own superglue instance with full credential control

OAuth Guide

Deep dive into OAuth integrations and token management